
In Progress Unknown Agent is using up HDD Space

Discussion in 'Virus & Other Malware Removal' started by James321, Jun 16, 2019.

Thread Status:
Not open for further replies.
  1. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    This is a problem that keeps coming back. Out of 141GB total disk space, I only have about 29GB free. However, some unknown agent is progressively eating up the remaining disk space, so that only 21GB are free at present, without any significant files having been created to account for it.

    Using junk file cleaning software doesn't make any real difference.

    I have managed to get my full 29GB of free space back again in the past using three different methods that, for whatever reason, were not repeatable:

    1. Performing a Disk Wipe of Free HDD space.
    2. Performing a HDD defrag using Windows Accessories System Tools.
    3. Performing a full C:/ drive file search on Windows Explorer including non-indexed regions.

    I don't know why any of these three methods could have worked and, as said, each was not repeatable.

    Do I have a virus or malware on my PC?
     
  2. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    Looking on the web it seems that others have had similar problems and that a virus that creates junk files is suspected.

    This must, therefore, be a problem Tech Support Guy is aware of?

    The free space on my disk is dwindling on an almost daily basis so if the problem isn't solved, eventually my computer will die. How many other computers have gone down the same road already?
     
  3. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi,

    Sorry for the delay. Please do this:

    ---------------------------------------------------
    WinDirStat

    Please download and install WinDirStat.
    • Double-click the desktop shortcut to run WinDirStat
    • Click Individual Drives, then click C: (or your hard drive letter)
    • Click OK
    • When the program is finished, a graphic display of your hard drive will appear
    • Let me know which files/folders are taking up the most space.

    ---------------------------------------------------
    Farbar Recovery Scan Tool (FRST)

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.
    • Double-click FRST.exe/FRST64.exe to run it. When the tool opens click Yes to the disclaimer.
    • Make sure that under Optional Scans, the Addition.txt box is checked.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The tool will also produce another log (Addition.txt). Please attach this to your reply.
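
WinDirStat shows where space sits at one moment, while the symptom reported in this thread is free space shrinking over several days. The following is an added example, not part of any post in this thread and not the helper's tooling: a Python script that records cumulative per-directory sizes and compares two snapshots to show which folders grew. All function names are this example's own, and the directory tree in `demo()` is constructed sample data.

```python
import json
import os
import tempfile


def snapshot(root):
    """Map each directory under root (relative path) to the cumulative size
    in bytes of every file beneath it. Unreadable entries are skipped."""
    totals = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        own = 0
        for name in files:
            try:
                own += os.lstat(os.path.join(dirpath, name)).st_size
            except OSError:
                pass  # locked, vanished or access denied
        rel = os.path.relpath(dirpath, root)
        parts = [] if rel == os.curdir else rel.split(os.sep)
        # Charge this directory's own files to itself and to every ancestor.
        for depth in range(len(parts) + 1):
            key = os.sep.join(parts[:depth]) or os.curdir
            totals[key] = totals.get(key, 0) + own
    return totals


def save(snap, path):
    """Write a snapshot to disk so it can be compared days later."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(snap, fh)


def load(path):
    """Read a snapshot written by save()."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def growth(before, after, min_bytes=1):
    """Return [(delta_bytes, directory)] for directories that grew by at
    least min_bytes, largest growth first, ties ordered by path."""
    rows = []
    for path in set(before) | set(after):
        delta = after.get(path, 0) - before.get(path, 0)
        if delta >= min_bytes:
            rows.append((delta, path))
    return sorted(rows, key=lambda row: (-row[0], row[1]))


def unaccounted(used_before, used_after, before, after):
    """Bytes of disk-usage increase that the walked tree does not explain.

    used_before / used_after are volume 'used' figures recorded with each
    snapshot (for example shutil.disk_usage(root).used). A large positive
    result means the growth is in places snapshot() could not read, or in
    allocation overhead: st_size is logical size, not space on disk, so the
    figure is approximate.
    """
    walked = after.get(os.curdir, 0) - before.get(os.curdir, 0)
    return (used_after - used_before) - walked


def demo():
    """Constructed sample tree: one folder grows between two snapshots."""
    with tempfile.TemporaryDirectory() as root:
        cache = os.path.join(root, "AppData", "Cache")
        os.makedirs(cache)
        os.makedirs(os.path.join(root, "Documents"))
        with open(os.path.join(root, "Documents", "notes.txt"), "wb") as fh:
            fh.write(b"n" * 2000)
        first = snapshot(root)
        with open(os.path.join(cache, "blob.tmp"), "wb") as fh:
            fh.write(b"c" * 5000)
        second = snapshot(root)
        return growth(first, second)


if __name__ == "__main__":
    for delta, path in demo():
        print(f"{delta:>12,d}  {path}")
```
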
     
  4. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    I've used WinDirStat previously and it didn't really reveal any suspicious files I wasn't aware of.

    I ran FRST; however, I was forced to run an older version of FRST, which I then updated, because Norton 360 blocked and deleted the latest FRST version due to there being too few users. Here are the two logs, FRST.txt and Addition.txt:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014 (ATTENTION: ====> FRST version is 1746 days old and could be outdated)
    Ran by G Alexander (administrator) on MYHOME-PC on 19-06-2019 12:20:42
    Running from C:\Users\G Alexander\Downloads
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Symantec Corporation) C:\Program Files\Norton 360\Engine\22.15.2.22\nortonsecurity.exe
    (Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\ACFXAU32.exe
    (Symantec Corporation) C:\Program Files\Norton 360\Engine\22.15.2.22\nortonsecurity.exe
    (Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
    () C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    (OsdMaestro) C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    (Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
    (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
    (Hewlett-Packard) C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
    (Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Farbar) C:\Users\G Alexander\Downloads\frst (1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
    HKLM\...\Run: [Philips Device Listener] => C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [375296 2010-05-27] ()
    HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro)
    HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company)
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [837640 2015-12-08] (DivX, LLC)
    HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\SETUP4A940181248\SETUP\SETUP.EXE [999424 2008-03-18] (Conexant Systems, Inc.)
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard)
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle Corporation)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44024 2019-06-10] (Glarysoft Ltd)
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd)
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll (Symantec Corporation)
    BootExecute: autocheck autochk *

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://duckduckgo.com/
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKLM - {3C4FEA24-ECEB-40EC-988E-5804BE29627C} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
    SearchScopes: HKCU - {3C4FEA24-ECEB-40EC-988E-5804BE29627C} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
    SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = https://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=GB&ver=22.15.2.22&locale=en_GB&guid=AAF36E2B-58F6-11DF-BB8D-9833D262F732&doi=2016-09-01&gct=kwd&qsrc=2869
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\22.15.2.22\coIEPlg.dll (Symantec Corporation)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll (Oracle Corporation)
    BHO: No Name -> {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.15.2.22\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.15.2.22\coIEPlg.dll (Symantec Corporation)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775
    FF NetworkProxy: "autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us0-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS dyn-51-68-205-163-473d-1f1e29.fourqt.com:663';}"
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_207.dll ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
    FF Extension: No Name - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-05-25]
    FF Extension: Hoxx VPN Proxy - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\@hoxx-vpn.xpi [2018-08-07]
    FF Extension: No Name - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2017-12-20]
    FF Extension: No Name - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2018-09-26]
    FF Extension: No Name - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-05-07]
    FF Extension: No Name - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2017-09-08]
    FF Extension: No Name - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2017-09-08]
    FF Extension: DuckDuckGo Plus - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2017-02-22]
    FF Extension: NoScript - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-13]
    FF Extension: No Name - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2018-11-19]
    FF Extension: No Name - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2019-05-06]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-15]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360\Engine\22.15.2.22\Exts\Chrome.crx []
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe) [File not signed]
    S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S4 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    R2 NortonSecurity; C:\Program Files\Norton 360\Engine\22.15.2.22\NortonSecurity.exe [288936 2019-03-27] (Symantec Corporation)
    R2 XAudioService; C:\Windows\system32\DRIVERS\ACFXAU32.exe [386560 2007-07-10] (Conexant Systems, Inc.)
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 acfva; C:\Windows\System32\DRIVERS\ACFVA32.sys [86656 2007-06-29] (Conexant Systems Inc.)
    R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190617.001\BHDrvx86.sys [1421016 2019-02-11] (Symantec Corporation)
    R1 ccSet_NGC; C:\Windows\system32\drivers\NGC\160F020.016\ccSetx86.sys [148192 2019-03-27] (Symantec Corporation)
    S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP32.sys [28800 2007-07-10] (Conexant Systems, Inc.)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [399368 2019-06-07] (Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [121864 2019-06-11] (Symantec Corporation)
    R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [33624 2015-01-21] ()
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2018-11-28] (Glarysoft Ltd)
    R1 IDSVix86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20190618.061\IDSvix86.sys [1199624 2019-04-18] (Symantec Corporation)
    R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK32.sys [12672 2007-03-15] (Conexant)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MTDVC2; C:\Windows\System32\DRIVERS\mtdv2ku2.sys [12288 2003-10-15] (Matsushita Electric Industrial Co., Ltd.)
    S3 MTDVC2_ENUM; C:\Windows\System32\DRIVERS\mtdv2ks2.sys [11648 2003-10-11] (Matsushita Electric Industrial Co., Ltd.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc.)
    R3 SRTSP; C:\Windows\System32\Drivers\NGC\160F020.016\SRTSP.SYS [703456 2019-03-27] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NGC\160F020.016\SRTSPX.SYS [42464 2019-03-27] (Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NGC\160F020.016\SYMEFASI.SYS [1476776 2019-03-27] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [85072 2018-06-10] (Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NGC\160F020.016\Ironx86.SYS [243272 2019-03-27] (Symantec Corporation)
    R1 SYMTDIv; C:\Windows\System32\Drivers\NGC\160F020.016\symtdiv.sys [351880 2019-03-27] (Symantec Corporation)
    R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU32.sys [8704 2007-07-10] (Conexant Systems, Inc.)
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160620.002\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160620.002\NAVEX15.SYS [X]
    S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 STV680; system32\drivers\STV680.sys [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2019-06-19 09:38 - 2019-06-19 09:38 - 00003400 _____ () C:\Windows\PFRO.log
    2019-06-18 15:47 - 2019-06-18 15:49 - 17720184 _____ (Glarysoft Ltd) C:\Users\G Alexander\Downloads\Glary_Utilities_v5.121.0.146.exe
    2019-06-16 12:45 - 2019-06-16 12:45 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
    2019-06-16 12:45 - 2019-06-16 12:45 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\Dashlane
    2019-06-16 12:44 - 2019-06-16 12:44 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
    2019-06-16 12:44 - 2019-06-16 12:44 - 00000000 ____D () C:\ProgramData\ProductData
    2019-06-16 12:43 - 2019-06-16 13:30 - 00000000 ____D () C:\Program Files\IObit
    2019-06-16 12:43 - 2019-06-16 12:44 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\IObit
    2019-06-16 12:43 - 2019-06-16 12:44 - 00000000 ____D () C:\ProgramData\IObit
    2019-06-16 12:43 - 2019-06-16 12:43 - 00000000 ____D () C:\Program Files\Common Files\IObit
    2019-06-12 11:53 - 2019-06-12 11:53 - 06234168 _____ (Adobe) C:\Windows\system32\FlashPlayerInstaller.exe
    2019-06-09 18:22 - 2019-05-13 03:15 - 00029680 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
    2019-06-04 10:04 - 2019-06-04 10:04 - 01124056 _____ (Symantec Corporation) C:\Users\G Alexander\Downloads\NortonN360Downloader(1).exe
    2019-06-04 09:44 - 2019-06-04 09:44 - 01124056 _____ (Symantec Corporation) C:\Users\G Alexander\Downloads\NortonN360Downloader.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2019-06-19 12:22 - 2016-09-30 22:57 - 00019591 _____ () C:\Users\G Alexander\Downloads\FRST.txt
    2019-06-19 12:21 - 2013-08-19 11:56 - 00000000 ____D () C:\FRST
    2019-06-19 11:38 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2019-06-19 11:38 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2019-06-19 11:26 - 2007-09-21 21:14 - 01417250 _____ () C:\Windows\WindowsUpdate.log
    2019-06-19 09:52 - 2006-11-02 13:37 - 00000000 ____D () C:\Program Files\Windows Sidebar
    2019-06-19 09:43 - 2018-11-28 13:56 - 00000000 ____D () C:\Program Files\Glary Utilities 5
    2019-06-19 09:38 - 2019-06-19 09:38 - 00003400 _____ () C:\Windows\PFRO.log
    2019-06-19 09:38 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2019-06-18 22:45 - 2006-11-02 14:01 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2019-06-18 22:44 - 2017-11-21 18:09 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\vlc
    2019-06-18 20:30 - 2016-11-15 17:58 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2019-06-18 17:11 - 2010-05-25 18:53 - 00000000 ____D () C:\Users\G Alexander\AppData\Local\CrashDumps
    2019-06-18 15:51 - 2018-11-28 13:57 - 00000895 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2019-06-18 15:51 - 2018-11-28 13:57 - 00000883 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2019-06-18 15:49 - 2019-06-18 15:47 - 17720184 _____ (Glarysoft Ltd) C:\Users\G Alexander\Downloads\Glary_Utilities_v5.121.0.146.exe
    2019-06-18 15:43 - 2019-01-02 18:56 - 00000810 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2019-06-16 13:30 - 2019-06-16 12:43 - 00000000 ____D () C:\Program Files\IObit
    2019-06-16 12:50 - 2007-06-06 21:10 - 00000000 ____D () C:\Windows\Panther
    2019-06-16 12:45 - 2019-06-16 12:45 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
    2019-06-16 12:45 - 2019-06-16 12:45 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\Dashlane
    2019-06-16 12:44 - 2019-06-16 12:44 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
    2019-06-16 12:44 - 2019-06-16 12:44 - 00000000 ____D () C:\ProgramData\ProductData
    2019-06-16 12:44 - 2019-06-16 12:43 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\IObit
    2019-06-16 12:44 - 2019-06-16 12:43 - 00000000 ____D () C:\ProgramData\IObit
    2019-06-16 12:43 - 2019-06-16 12:43 - 00000000 ____D () C:\Program Files\Common Files\IObit
    2019-06-13 12:43 - 2017-08-25 17:23 - 00000000 ____D () C:\Users\G Alexander\AppData\Roaming\Stellarium
    2019-06-12 11:53 - 2019-06-12 11:53 - 06234168 _____ (Adobe) C:\Windows\system32\FlashPlayerInstaller.exe
    2019-06-12 11:53 - 2013-02-25 12:52 - 00842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
    2019-06-12 11:53 - 2011-12-18 11:00 - 00175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2019-06-12 11:53 - 2007-06-06 20:38 - 00000000 ____D () C:\Windows\system32\Macromed
    2019-06-09 18:25 - 2007-09-21 21:24 - 00000000 ____D () C:\Users\G Alexander
    2019-06-09 18:25 - 2006-11-02 11:22 - 63438848 _____ () C:\Windows\system32\config\SOFTWARE.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 58195968 _____ () C:\Windows\system32\config\COMPONENTS.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 17301504 _____ () C:\Windows\system32\config\SYSTEM.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 01835008 _____ () C:\Windows\system32\config\DEFAULT.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SECURITY.gu.bak
    2019-06-09 18:24 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\SAM.gu.bak
    2019-06-04 10:07 - 2010-04-29 19:10 - 00000000 ____D () C:\ProgramData\Norton
    2019-06-04 10:04 - 2019-06-04 10:04 - 01124056 _____ (Symantec Corporation) C:\Users\G Alexander\Downloads\NortonN360Downloader(1).exe
    2019-06-04 09:46 - 2012-04-03 19:21 - 00000000 ____D () C:\Users\Public\Downloads\Norton
    2019-06-04 09:44 - 2019-06-04 09:44 - 01124056 _____ (Symantec Corporation) C:\Users\G Alexander\Downloads\NortonN360Downloader.exe
    2019-06-01 20:34 - 2019-01-28 16:39 - 00000000 ____D () C:\Users\G Alexander\Documents\VSO Downloader

    Files to move or delete:
    ====================
    C:\ProgramData\SMRResults521.dat


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2019-06-19 09:46

    ==================== End Of Log ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-09-2014
    Ran by G Alexander at 2019-06-19 12:22:55
    Running from C:\Users\G Alexander\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton 360 (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
    FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
    Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
    Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe)
    Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
    Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Amazon MP3 Downloader 1.0.9 (HKLM\...\Amazon MP3 Downloader) (Version: - )
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.58 - Piriform)
    DiskCheckup v3.4 (HKLM\...\DiskCheckup_is1) (Version: 3.4.1003 - PassMark Software)
    DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
    DivX Content Uploader (HKLM\...\DivX Content Uploader) (Version: 1.0.0 - DivX, Inc.)
    DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
    DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.8.0.13 - DivX, LLC)
    GearDrvs (Version: 1 - Symantec Corporation) Hidden
    GearDrvs (Version: 1.00.0000 - GEAR Software) Hidden
    Glary Utilities 5.121 (HKLM\...\Glary Utilities 5) (Version: 5.121.0.146 - Glarysoft Ltd)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
    HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
    HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
    HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
    HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
    HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
    HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
    HP Photosmart Essential2.5 (Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPSSupply (Version: 100.0.172.000 - Hewlett-Packard) Hidden
    Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.10.0 - Intel)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
    Java 8 Update 211 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
    Java Auto Updater (Version: 2.8.211.12 - Oracle Corporation) Hidden
    L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version: - )
    LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version: - )
    Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version: - )
    LightScribe 1.4.142.1 (Version: 1.4.142.1 - http://www.lightscribe.com) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (Version: 4.5.51209 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (Version: 12.0.21005 - Microsoft Corporation) Hidden
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mozilla Firefox 52.9.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-US)) (Version: 52.9.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0 - Mozilla)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NirSoft SmartSniff (HKLM\...\NirSoft SmartSniff) (Version: - )
    Norton 360 (HKLM\...\NGC) (Version: 22.15.2.22 - Symantec Corporation)
    OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
    Philips Songbird (HKLM\...\Philips Songbird) (Version: 3.2.1667 (1667) - Koninklijke Philips Electronics N.V.)
    PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
    Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
    QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
    Roxio Activation Module (Version: 1.0 - Roxio) Hidden
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
    Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
    Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
    Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Stellarium 0.16.0 (HKLM\...\Stellarium_is1) (Version: 0.16.0 - Stellarium team)
    Symantec Technical Support Web Controls (HKLM\...\{DDC63227-BA06-4855-B002-BDB49E9F677E}) (Version: 3.4.0 - Symantec Corporation)
    TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
    Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: 8.0 - Ulead Systems, Inc.)
    Ulead Photo Express 5 SE (HKLM\...\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}) (Version: 5.0 - Ulead Systems)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{02206DCC-0CAF-46BB-8EDC-6C281AA21EFA}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{7C3337E5-1294-4270-A64F-DCEF812159E5}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    USB Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.15.50 - Conexant)
    V5385 Digital Camera Driver (HKLM\...\V5385 Digital Camera Driver) (Version: - )
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    Virtual Moon Atlas (HKLM\...\Virtual Moon Atlas) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    VSO Downloader 5.0.1.56 (HKLM\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.0.1.56 - VSO Software)
    VSO EVE Network Driver version 1.0.0.28 (HKLM\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.28 - VSO Software)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
    Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.57\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.69\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.2.183.39\goopdate.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.79\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.149\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.65\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File

    ==================== Restore Points =========================

    27-05-2019 09:47:08 Scheduled Checkpoint
    08-06-2019 10:01:30 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 11:23 - 2016-07-04 15:55 - 00000738 ____N C:\Windows\system32\Drivers\etc\hosts
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK No Task File <==== ATTENTION
    Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {3099B68A-3E9C-413D-8272-AD8CC795DA38} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2015-11-30] (DivX, LLC)
    Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {3D29CDA5-6CF1-40A5-87D6-44367C9284F5} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2019-06-10] (Glarysoft Ltd)
    Task: {4280A5C5-3016-4CEF-856F-2FA254FF45A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2019-06-04] (Piriform Software Ltd)
    Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
    Task: {4A93ACA7-60B2-4285-B849-850F22C34536} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
    Task: {5CDBEA5A-63E9-4161-B7A2-E4EF8274FB04} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton 360\Engine\22.15.2.22\SymErr.exe [2019-03-27] (Symantec Corporation)
    Task: {61F6B430-8382-4CBE-B43B-A7C8AFBBB16B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2019-06-04] (Piriform Software Ltd)
    Task: {663B1AED-7127-48DF-9D34-ADEF1455F2CE} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {696D6F43-21E8-4D19-8FD5-99507025B2C2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [2019-06-12] (Adobe)
    Task: {76B34B77-645B-42FD-87B6-4991E7D71D24} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {77F05E5E-E3AF-4A9C-BDD0-478F1BCC00CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2019-06-12] (Adobe)
    Task: {8531B062-087D-4E4F-BECE-4DE01A6B7EE0} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\22.15.2.22\WSCStub.exe [2019-03-27] (Symantec Corporation)
    Task: {9223E4FC-6866-413E-B0C1-F7E094EF859D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe
    Task: {929B89E9-E9C9-438B-BADA-ADA4CC078610} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton 360\Engine\22.15.2.22\SymErr.exe [2019-03-27] (Symantec Corporation)
    Task: {A53F798E-B694-4B93-9FF0-99AF8EEBA4F6} - \SUPERAntiSpyware Scheduled Task 8c8481dd-6ad2-4e5c-bceb-4ebcc78b1a3b No Task File <==== ATTENTION
    Task: {B6A45733-D1FB-41B3-BE0F-F441A94938EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000 => C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
    Task: {F96263AB-2013-41C8-9F2F-F4C43BD3343C} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - G Alexander => C:\Program Files\Windows Calendar\wincal.exe [2009-04-11] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Loaded Modules (whitelisted) =============

    2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-05-27 16:52 - 2010-05-27 16:52 - 00375296 _____ () C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    2019-06-10 02:51 - 2019-06-10 02:51 - 00087024 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
    2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
    2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:1CD23587

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ==================== Faulty Device Manager Devices =============

    Name: USB CF Reader
    Description: USB CF Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: USB MS Reader
    Description: USB MS Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: USB SD Reader
    Description: USB SD Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: USB SM Reader
    Description: USB SM Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/18/2019 10:17:18 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
    Description: The entry <C:\USERS\G ALEXANDER\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\3N1I3K8C.DEFAULT-1481992509775\SAFEBROWSING-BACKUP> in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog


    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Error: (06/18/2019 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 4790759

    Error: (06/18/2019 07:01:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 4790759

    Error: (06/18/2019 07:01:58 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/16/2019 00:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1316446

    Error: (06/16/2019 00:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1316446

    Error: (06/16/2019 00:12:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/15/2019 05:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1407987

    Error: (06/15/2019 05:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1407987

    Error: (06/15/2019 05:13:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (06/19/2019 11:20:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/18/2019 09:39:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/15/2019 11:30:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/13/2019 11:50:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/10/2019 09:06:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: Norton Security11200001Restart the service

    Error: (06/09/2019 11:00:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/04/2019 09:24:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/04/2019 08:12:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman

    Error: (06/03/2019 10:44:55 PM) (Source: DCOM) (EventID: 10010) (User: )
    Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

    Error: (06/03/2019 10:30:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: 30000Netman


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2019-06-19 12:22:03.718
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 12:22:01.601
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 12:21:59.686
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 12:21:57.877
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 12:21:34.432
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190617.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 12:21:32.627
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190617.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 12:21:30.649
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190617.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 12:21:28.851
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190617.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-03-26 17:50:10.205
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-03-26 17:50:07.787
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz
    Percentage of memory in use: 74%
    Total physical RAM: 2038.63 MB
    Available physical RAM: 526.25 MB
    Total Pagefile: 4320.54 MB
    Available Pagefile: 2453.6 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1912.08 MB

    ==================== Drives ================================

    Drive c: (COMPAQ) (Fixed) (Total:141.4 GB) (Free:21.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (Recovery) (Fixed) (Total:7.65 GB) (Free:0.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=141.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=7.6 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     


  5. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi,

    The Norton detection is a false positive. Please download and run the latest version of FRST from here, and copy/paste the FRST.txt and Addition.txt reports to your reply.
     
  6. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    Norton 360 still didn't like it as it tried to block what it considered suspicious internet activity when FRST was updating.

    Also, FRST was very slow when running, and the PC became very busy and almost unresponsive once the reports were generated. But here they are:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-06-2019
    Ran by G Alexander (administrator) on MYHOME-PC (Compaq-Presario GM274AA-ABU SR5109UK) (19-06-2019 20:16:50)
    Running from C:\Users\G Alexander\Downloads
    Loaded Profiles: G Alexander (Available Profiles: G Alexander)
    Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) Language: English (United States)
    Internet Explorer Version 9 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () [File not signed] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Glarysoft LTD -> Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
    (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    (Hewlett-Packard Company) [File not signed] C:\hp\support\hpsysdrv.exe
    (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
    (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
    (Intel Corporation -> Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
    (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\ACFXAU32.exe
    (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Oracle America, Inc. -> Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (OsdMaestro) [File not signed] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    (Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton 360\Engine\22.15.2.22\nortonsecurity.exe
    (Symantec Corporation -> Symantec Corporation) C:\Program Files\Norton 360\Engine\22.15.2.22\nortonsecurity.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor)
    HKLM\...\Run: [Philips Device Listener] => C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [375296 2010-05-27] () [File not signed]
    HKLM\...\Run: [OsdMaestro] => C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [118784 2007-02-15] (OsdMaestro) [File not signed]
    HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2006-09-28] (Hewlett-Packard Company) [File not signed]
    HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [837640 2015-12-08] (DivX, LLC -> DivX, LLC)
    HKLM\...\Run: [CnxtCoInstallerDefer] => C:\Program Files\CONEXANT\SETUP4A940181248\SETUP\SETUP.EXE [999424 2008-03-18] (Conexant Systems, Inc.) [File not signed]
    HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-03-20] (Apple Inc. -> Apple Inc.)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard Company -> Hewlett-Packard)
    HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    HKLM\...\Run: [OrderReminder] => C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe [98304 2006-01-30] (Hewlett-Packard) [File not signed]
    HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
    HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => C:\Windows\system32\oobefldr.dll [2153472 2009-04-11] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [44024 2019-06-10] (Glarysoft LTD -> Glarysoft Ltd)
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Drivers32: [vidc.XVID] => C:\Windows\system32\xvidvfw.dll [180224 2007-06-28] () [File not signed]
    HKLM\...\Drivers32: [wave1] => C:\Windows\system32\serwvdrv.dll [18432 2006-11-02] (Microsoft Windows -> Microsoft Corporation)
    HKLM\...\Drivers32: [vidc.DIVX] => C:\Windows\system32\DivX.dll [696320 2009-11-14] (DivX, Inc.) [File not signed]
    HKLM\...\Drivers32: [vidc.yv12] => C:\Windows\system32\DivX.dll [696320 2009-11-14] (DivX, Inc.) [File not signed]
    BootExecute: autocheck autochk *
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {036D8FCA-9504-4FC6-8E2B-C9BCC87A45F3} - System32\Tasks\{7C3FB5FD-4DF7-42AE-B958-D1C774043252} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAA3MRYY\setup[1].exe" -d "C:\Users\G Alexander\Desktop"
    Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK -> No File <==== ATTENTION
    Task: {1FB8D179-9CB8-426F-A09B-2C0317C58C3E} - System32\Tasks\{CA631791-60F9-4940-90AF-0B55608DE95F} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\Downloads\i2pinstall_0.9.28_windows(1).exe" -d "C:\Users\G Alexander\Downloads"
    Task: {3099B68A-3E9C-413D-8272-AD8CC795DA38} - System32\Tasks\DivXUpdate => C:\Program Files\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [1746952 2015-11-30] (DivX, LLC -> DivX, LLC)
    Task: {3D29CDA5-6CF1-40A5-87D6-44367C9284F5} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [136688 2019-06-10] (Glarysoft LTD -> Glarysoft Ltd)
    Task: {4280A5C5-3016-4CEF-856F-2FA254FF45A2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16664352 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {5CDBEA5A-63E9-4161-B7A2-E4EF8274FB04} - System32\Tasks\Norton 360\Norton 360 Error Analyzer => C:\Program Files\Norton 360\Engine\22.15.2.22\SymErr.exe [89104 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    Task: {61F6B430-8382-4CBE-B43B-A7C8AFBBB16B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-06-04] (Piriform Software Ltd -> Piriform Software Ltd)
    Task: {6607BFF6-6501-410C-A7B3-AA017A2DD669} - System32\Tasks\{EBA6B74F-9D6A-43AF-8883-DDCEF437A9DB} => C:\Windows\system32\pcalua.exe -a E:\Setup.Now.exe -d E:\
    Task: {696D6F43-21E8-4D19-8FD5-99507025B2C2} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_32_0_0_207_Plugin.exe [1457208 2019-06-12] (Adobe Inc. -> Adobe) [File not signed]
    Task: {76B34B77-645B-42FD-87B6-4991E7D71D24} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [563000 2015-08-27] (Apple Inc. -> Apple Inc.)
    Task: {77F05E5E-E3AF-4A9C-BDD0-478F1BCC00CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe) [File not signed]
    Task: {8531B062-087D-4E4F-BECE-4DE01A6B7EE0} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton 360\Engine\22.15.2.22\WSCStub.exe [1831864 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    Task: {8B657E3B-1A8B-4CF3-9E27-F2D490D62EA5} - System32\Tasks\{D23F5DAA-7393-4AB4-867C-31A7F4D688BB} => C:\Windows\system32\pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Users\G Alexander\Downloads\irunin.ini" <==== ATTENTION
    Task: {9223E4FC-6866-413E-B0C1-F7E094EF859D} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe
    Task: {929B89E9-E9C9-438B-BADA-ADA4CC078610} - System32\Tasks\Norton 360\Norton 360 Error Processor => C:\Program Files\Norton 360\Engine\22.15.2.22\SymErr.exe [89104 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    Task: {A53F798E-B694-4B93-9FF0-99AF8EEBA4F6} - \SUPERAntiSpyware Scheduled Task 8c8481dd-6ad2-4e5c-bceb-4ebcc78b1a3b -> No File <==== ATTENTION
    Task: {A63A4518-BDD8-41EC-89E0-B6AE52DB35B5} - System32\Tasks\{E2D357DF-6ECD-4191-ACAC-6AD6C6098591} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAA3MRYY\setup[2].exe" -d "C:\Users\G Alexander\Desktop"
    Task: {B6A45733-D1FB-41B3-BE0F-F441A94938EF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4238356135-1069967474-2706294926-1000 => C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
    Tcpip\..\Interfaces\{BC5C66C2-0B0F-468F-B4E7-7AE04A5E55C6}: [DhcpNameServer] 192.168.1.1 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://duckduckgo.com/
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM -> {3C4FEA24-ECEB-40EC-988E-5804BE29627C} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
    SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> DefaultScope {68A53263-C2F6-465A-9FDC-7525A469309D} URL = hxxp://www.bing.com/search?FORM=U239DF&PC=U239&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> {3C4FEA24-ECEB-40EC-988E-5804BE29627C} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
    SearchScopes: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> {68A53263-C2F6-465A-9FDC-7525A469309D} URL = hxxp://www.bing.com/search?FORM=U239DF&PC=U239&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.co.uk/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en-GB
    SearchScopes: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=GB&ver=22.15.2.22&locale=en_GB&guid=AAF36E2B-58F6-11DF-BB8D-9833D262F732&doi=2016-09-01&gct=kwd&qsrc=2869
    BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
    BHO: Norton Identity Safety -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton 360\Engine\22.15.2.22\coIEPlg.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll [2019-05-15] (Oracle America, Inc. -> Oracle Corporation)
    BHO: No Name -> {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll [2019-05-15] (Oracle America, Inc. -> Oracle Corporation)
    Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.15.2.22\coIEPlg.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    Toolbar: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\22.15.2.22\coIEPlg.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation) [File not signed]

    FireFox:
    ========
    FF ProfilePath: C:\Users\G Alexander\AppData\Roaming\Philips-Songbird\Profiles\ojjsllfg.default [2014-11-04]
    FF NetworkProxy: Philips-Songbird\Profiles\ojjsllfg.default -> no_proxies_on", "127.0.0.1;localhost"
    FF Extension: (7digital Music Store) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Artwork Extras) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (CD Rip Support) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Concerts) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (AAC Decoding Support) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (MP3 Encoding Support) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (File association) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Philips GoGear Device Manager) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (gonzo) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Gracenote Metadata Lookup Provider) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (mashTape) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (MSC Device Support) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (MTP Device Support) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Philips addon manager) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Philips Branding) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Philips auto msc-mtp switch) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Philips Skin) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Philips UI) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF Extension: (Purple Rain) - C:\Program Files\Philips\Philips Songbird\extensions\[email protected] [2011-03-06] [Legacy] [not signed]
    FF SearchPlugin: C:\Users\G Alexander\AppData\Roaming\Philips-Songbird\Profiles\ojjsllfg.default\searchplugins\a3a95a1e-a8a2-4be4-9d9b-6c5d9fd2fd30.xml [2011-03-06]
    FF ProfilePath: C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775 [2019-06-19]
    FF NetworkProxy: Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775 -> autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us0-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS dyn-51-89-139-89-30a-1f1e29.fourqt.com:663';}"
    FF Extension: (Disconnect) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-05-25]
    FF Extension: (Hoxx VPN Proxy) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\@hoxx-vpn.xpi [2018-08-07] [Legacy]
    FF Extension: (Flash Video Downloader) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-03-19]
    FF Extension: (Cookie AutoDelete) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2018-09-26]
    FF Extension: (hotfix-update-xpi-intermediate) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-05-15]
    FF Extension: (HTTPS Everywhere) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-06-06]
    FF Extension: (Privacy Badger) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-02-20] [UpdateUrl:hxxps://clients2.google.com/service/update2/crx]
    FF Extension: (DuckDuckGo Plus) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2017-10-15] [Legacy]
    FF Extension: (NoScript) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-02-13] [Legacy]
    FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2019-06-19]
    FF Extension: (Hotfix for Firefox bug 1548973 (armagaddon 2.0) mitigation) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\features\{a68352b1-ecca-48f1-a471-b205a7688a50}\[email protected] [2019-05-25] [Legacy]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-06-23] [Legacy] [not signed]
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_207.dll [2019-06-12] (Adobe Inc. -> ) [File not signed]
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] (Apple Inc. -> )
    FF Plugin: @divx.com/DivX Content Upload Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Content Uploader\npUpload.dll [2006-08-11] (DivX,Inc.) [File not signed]
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC -> DivX, LLC.)
    FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll [2015-12-02] (DivX, LLC -> DivX, LLC)
    FF Plugin: @java.com/DTPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\dtplugin\npDeployJava1.dll [2019-05-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.211.2 -> C:\Program Files\Java\jre1.8.0_211\bin\plugin2\npjp2.dll [2019-05-15] (Oracle America, Inc. -> Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation -> Microsoft Corporation)
    FF Plugin: @real.com/nppl3260;version=6.0.11.2571 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [2007-06-06] (RealNetworks, Inc. -> RealNetworks, Inc.)
    FF Plugin: @real.com/nprjplug;version=1.0.2.2629 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [2007-06-06] (RealNetworks, Inc.) [File not signed]
    FF Plugin: @real.com/nprpjplug;version=6.0.12.1739 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll [2007-06-06] (RealNetworks, Inc.) [File not signed]
    FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
    FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-4238356135-1069967474-2706294926-1000: @tools.google.com/Google Update;version=3 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [No File]

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360\Engine\22.15.2.22\Exts\Chrome.crx <not found>
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-06-12] (Adobe Inc. -> Adobe) [File not signed]
    S3 IDriverT; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
    S4 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
    R2 NortonSecurity; C:\Program Files\Norton 360\Engine\22.15.2.22\NortonSecurity.exe [288936 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-19] (Microsoft Windows -> Microsoft Corporation)
    R2 XAudioService; C:\Windows\system32\DRIVERS\ACFXAU32.exe [386560 2007-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 acfva; C:\Windows\System32\DRIVERS\ACFVA32.sys [86656 2007-06-29] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems Inc.)
    R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190618.001\BHDrvx86.sys [1421016 2019-02-11] (Symantec Corporation -> Symantec Corporation)
    R1 ccSet_NGC; C:\Windows\system32\drivers\NGC\160F020.016\ccSetx86.sys [148192 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    S3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP32.sys [28800 2007-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [399368 2019-06-07] (Symantec Corporation -> Symantec Corporation)
    R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [121864 2019-06-11] (Symantec Corporation -> Symantec Corporation)
    R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [33624 2015-01-21] (VSO-SOFTWARE -> )
    R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [25864 2018-11-28] (Glarysoft LTD -> Glarysoft Ltd)
    R1 IDSVix86; C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20190618.061\IDSvix86.sys [1199624 2019-04-18] (Symantec Corporation -> Symantec Corporation)
    S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [35944 2006-11-02] (Microsoft Windows -> Integrated Technology Express, Inc.)
    S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [35944 2006-11-02] (Microsoft Windows -> Integrated Technology Express, Inc.)
    R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK32.sys [12672 2007-03-15] (Microsoft Windows Hardware Compatibility Publisher -> Conexant)
    S4 Mraid35x; C:\Windows\system32\drivers\mraid35x.sys [33384 2006-11-02] (Microsoft Windows -> LSI Logic Corporation)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-12-07] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MTDVC2; C:\Windows\System32\DRIVERS\mtdv2ku2.sys [12288 2003-10-15] (Microsoft Windows Hardware Compatibility Publisher -> Matsushita Electric Industrial Co., Ltd.)
    S3 MTDVC2_ENUM; C:\Windows\System32\DRIVERS\mtdv2ks2.sys [11648 2003-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Matsushita Electric Industrial Co., Ltd.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-04-18] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
    S4 ntrigdigi; C:\Windows\system32\drivers\ntrigdigi.sys [20608 2006-11-02] (Microsoft Windows -> N-trig Innovative Technologies)
    R3 RTL8169; C:\Windows\System32\DRIVERS\Rtlh86.sys [70144 2007-01-15] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Corporation)
    R3 SRTSP; C:\Windows\System32\Drivers\NGC\160F020.016\SRTSP.SYS [703456 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\NGC\160F020.016\SRTSPX.SYS [42464 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    R0 SymEFASI; C:\Windows\System32\drivers\NGC\160F020.016\SYMEFASI.SYS [1476776 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [85072 2018-06-10] (Symantec Corporation -> Symantec Corporation)
    R1 SymIRON; C:\Windows\system32\drivers\NGC\160F020.016\Ironx86.SYS [243272 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    R1 SYMTDIv; C:\Windows\System32\Drivers\NGC\160F020.016\symtdiv.sys [351880 2019-03-27] (Symantec Corporation -> Symantec Corporation)
    S4 uliahci; C:\Windows\system32\drivers\uliahci.sys [235112 2006-11-02] (Microsoft Windows -> ULi Electronics Inc.)
    S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [98408 2006-11-02] (Microsoft Windows -> Promise Technology, Inc.)
    S4 ulsata2; C:\Windows\system32\drivers\ulsata2.sys [115816 2006-11-02] (Microsoft Windows -> Promise Technology, Inc.)
    R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU32.sys [8704 2007-07-10] (Microsoft Windows Hardware Compatibility Publisher -> Conexant Systems, Inc.)
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NAVENG; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160620.002\NAVENG.SYS [X]
    S3 NAVEX15; \??\C:\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160620.002\NAVEX15.SYS [X]
    S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 STV680; system32\drivers\STV680.sys [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One month (created) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-19 20:09 - 2019-06-19 20:09 - 001770496 _____ (Farbar) C:\Users\G Alexander\Downloads\FRST.exe
    2019-06-18 15:47 - 2019-06-18 15:49 - 017720184 _____ (Glarysoft Ltd) C:\Users\G Alexander\Downloads\Glary_Utilities_v5.121.0.146.exe
    2019-06-16 12:45 - 2019-06-16 12:45 - 000000000 ____D C:\Users\G Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
    2019-06-16 12:45 - 2019-06-16 12:45 - 000000000 ____D C:\Users\G Alexander\AppData\Roaming\Dashlane
    2019-06-16 12:45 - 2019-06-16 12:45 - 000000000 ____D C:\Users\G Alexander\AppData\Local\Packages
    2019-06-16 12:44 - 2019-06-16 12:44 - 000000000 ____D C:\Windows\Tasks\ImCleanDisabled
    2019-06-16 12:44 - 2019-06-16 12:44 - 000000000 ____D C:\ProgramData\ProductData
    2019-06-16 12:43 - 2019-06-16 13:30 - 000000000 ____D C:\Program Files\IObit
    2019-06-16 12:43 - 2019-06-16 12:44 - 000000000 ____D C:\Users\G Alexander\AppData\Roaming\IObit
    2019-06-16 12:43 - 2019-06-16 12:44 - 000000000 ____D C:\Users\G Alexander\AppData\LocalLow\IObit
    2019-06-16 12:43 - 2019-06-16 12:44 - 000000000 ____D C:\ProgramData\IObit
    2019-06-16 12:43 - 2019-06-16 12:43 - 000000000 ____D C:\Program Files\Common Files\IObit
    2019-06-12 11:53 - 2019-06-12 11:53 - 006234168 _____ (Adobe) C:\Windows\system32\FlashPlayerInstaller.exe
    2019-06-09 18:22 - 2019-05-13 03:15 - 000029680 _____ (Glarysoft Ltd) C:\Windows\system32\RegBootDefrag.exe
    2019-06-04 10:04 - 2019-06-04 10:04 - 001124056 _____ (Symantec Corporation) C:\Users\G Alexander\Downloads\NortonN360Downloader(1).exe
    2019-06-04 09:44 - 2019-06-04 09:44 - 001124056 _____ (Symantec Corporation) C:\Users\G Alexander\Downloads\NortonN360Downloader.exe

    ==================== One month (modified) ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2019-06-19 20:20 - 2016-09-30 22:57 - 000032475 _____ C:\Users\G Alexander\Downloads\FRST.txt
    2019-06-19 20:16 - 2013-08-19 11:56 - 000000000 ____D C:\FRST
    2019-06-19 19:16 - 2016-11-15 20:31 - 000000000 ____D C:\Users\G Alexander\AppData\LocalLow\Mozilla
    2019-06-19 19:15 - 2006-11-02 13:47 - 000003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2019-06-19 19:15 - 2006-11-02 13:47 - 000003696 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2019-06-19 15:41 - 2016-11-15 17:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2019-06-19 12:24 - 2014-02-24 11:43 - 000040086 _____ C:\Users\G Alexander\Downloads\Addition.txt
    2019-06-19 11:24 - 2006-11-02 12:18 - 000000000 ____D C:\Windows\inf
    2019-06-19 09:52 - 2006-11-02 13:37 - 000000000 ____D C:\Program Files\Windows Sidebar
    2019-06-19 09:43 - 2018-11-28 13:56 - 000000000 ____D C:\Program Files\Glary Utilities 5
    2019-06-19 09:38 - 2006-11-02 14:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
    2019-06-18 22:45 - 2006-11-02 14:01 - 000032624 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2019-06-18 22:44 - 2017-11-21 18:09 - 000000000 ____D C:\Users\G Alexander\AppData\Roaming\vlc
    2019-06-18 17:11 - 2010-05-25 18:53 - 000000000 ____D C:\Users\G Alexander\AppData\Local\CrashDumps
    2019-06-18 15:51 - 2018-11-28 13:57 - 000000895 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
    2019-06-18 15:51 - 2018-11-28 13:57 - 000000883 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
    2019-06-18 15:43 - 2019-01-02 18:56 - 000000810 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2019-06-16 12:50 - 2007-06-06 21:10 - 000000000 ____D C:\Windows\Panther
    2019-06-13 12:43 - 2017-08-25 17:23 - 000000000 ____D C:\Users\G Alexander\AppData\Roaming\Stellarium
    2019-06-12 11:53 - 2013-02-25 12:52 - 000842296 _____ (Adobe) C:\Windows\system32\FlashPlayerApp.exe
    2019-06-12 11:53 - 2011-12-18 11:00 - 000175160 _____ (Adobe) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2019-06-12 11:53 - 2007-06-06 20:38 - 000000000 ____D C:\Windows\system32\Macromed
    2019-06-09 18:25 - 2007-09-21 21:24 - 000000000 ____D C:\Users\G Alexander
    2019-06-09 18:25 - 2006-11-02 11:22 - 063438848 _____ C:\Windows\system32\config\SOFTWARE.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 058195968 _____ C:\Windows\system32\config\COMPONENTS.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 017301504 _____ C:\Windows\system32\config\SYSTEM.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 001835008 _____ C:\Windows\system32\config\DEFAULT.gu.bak
    2019-06-09 18:25 - 2006-11-02 11:22 - 000262144 _____ C:\Windows\system32\config\SECURITY.gu.bak
    2019-06-09 18:24 - 2006-11-02 11:22 - 000262144 _____ C:\Windows\system32\config\SAM.gu.bak
    2019-06-04 10:07 - 2010-04-29 19:10 - 000000000 ____D C:\ProgramData\Norton
    2019-06-04 09:46 - 2012-04-03 19:21 - 000000000 ____D C:\Users\Public\Downloads\Norton
    2019-06-01 20:34 - 2019-01-28 16:39 - 000000000 ____D C:\Users\G Alexander\Documents\VSO Downloader

    ==================== Files in the root of some directories ================

    2019-03-19 11:56 - 2019-03-19 11:56 - 000000460 _____ () C:\ProgramData\SMRResults521.dat
    2008-02-28 15:24 - 2008-02-28 15:26 - 000000124 _____ () C:\Users\G Alexander\AppData\Roaming\wklnhst.dat
    2013-10-29 11:25 - 2019-03-18 17:15 - 000001356 _____ () C:\Users\G Alexander\AppData\Local\d3d9caps.dat
    2007-09-22 09:47 - 2019-03-19 12:26 - 000135168 _____ () C:\Users\G Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2008-08-20 13:25 - 2008-08-20 13:26 - 000027404 _____ () C:\Users\G Alexander\AppData\Local\rx_audio.Cache
    2008-08-20 11:47 - 2008-08-20 11:47 - 000000000 _____ () C:\Users\G Alexander\AppData\Local\rx_image.Cache
    2011-05-19 18:25 - 2011-05-21 11:25 - 000001940 _____ () C:\Users\G Alexander\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

    ==================== SigCheck ===============================

    (There is no automatic fix for files that do not pass verification.)


    LastRegBack: 2019-06-19 09:46
    ==================== End of FRST.txt ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2019
    Ran by G Alexander (19-06-2019 20:22:58)
    Running from C:\Users\G Alexander\Downloads
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) (2007-09-21 20:16:14)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4238356135-1069967474-2706294926-500 - Administrator - Disabled)
    G Alexander (S-1-5-21-4238356135-1069967474-2706294926-1000 - Administrator - Enabled) => C:\Users\G Alexander
    Guest (S-1-5-21-4238356135-1069967474-2706294926-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Norton 360 (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton 360 (Enabled - Up to date) {19116A92-4E0F-6AEB-F126-5230691200C8}
    FW: Norton 360 (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acrobat.com (HKLM\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
    Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}) (Version: 1.0 - Microsoft Corporation) Hidden
    Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version: - Microsoft Corporation)
    Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
    Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.207 - Adobe)
    Adobe Flash Player 32 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 32.0.0.207 - Adobe)
    Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
    Amazon MP3 Downloader 1.0.9 (HKLM\...\Amazon MP3 Downloader) (Version: - )
    Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{A75CA58D-DB9C-4D14-9428-E0C7B0F623DC}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.58 - Piriform)
    DiskCheckup v3.4 (HKLM\...\DiskCheckup_is1) (Version: 3.4.1003 - PassMark Software)
    DivX Codec (HKLM\...\{7B63B2922B174135AFC0E1377DD81EC2}) (Version: 6.9.1 - DivX, Inc.)
    DivX Content Uploader (HKLM\...\DivX Content Uploader) (Version: 1.0.0 - DivX, Inc.)
    DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
    DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
    DivX Setup (HKLM\...\DivX Setup) (Version: 2.8.0.13 - DivX, LLC)
    GearDrvs (HKLM\...\{206FD69B-F9FE-4164-81BD-D52552BC9C23}) (Version: 1 - Symantec Corporation) Hidden
    GearDrvs (HKLM\...\{CB84F0F2-927B-458D-9DC5-87832E3DC653}) (Version: 1.00.0000 - GEAR Software) Hidden
    Glary Utilities 5.121 (HKLM\...\Glary Utilities 5) (Version: 5.121.0.146 - Glarysoft Ltd)
    Google Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
    Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.00.4424.15 - PC-Doctor, Inc.)
    HP Advisor (HKLM\...\{73A43E42-3658-4DD9-8551-FACDA3632538}) (Version: 3.1.9152.3107 - Hewlett-Packard)
    HP Customer Experience Enhancements (HKLM\...\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}) (Version: 5.1.0.2264 - Hewlett-Packard)
    HP Easy Setup - Frontend (HKLM\...\{40F7AED3-0C7D-4582-99F6-484A515C73F2}) (Version: 5.1.0.2269 - Hewlett-Packard)
    HP On-Screen Cap/Num/Scroll Lock Indicator (HKLM\...\OsdMaestro) (Version: - Hewlett-Packard)
    HP OrderReminder (HKLM\...\HP OrderReminder) (Version: 2.1 - )
    HP Photosmart Essential 2.0 (HKLM\...\HP Photosmart Essential) (Version: 2.0 - HP)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPSSupply (HKLM\...\{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}) (Version: 100.0.172.000 - Hewlett-Packard) Hidden
    Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.10.0 - Intel)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    iTunes (HKLM\...\{868B9974-4F23-494D-B6BC-4FAB92B2755D}) (Version: 12.1.3.6 - Apple Inc.)
    Java 8 Update 211 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180211F0}) (Version: 8.0.2110.12 - Oracle Corporation)
    L&H TTS3000 British English (HKLM\...\LHTTSENG) (Version: - )
    LaserJet 1018 (HKLM\...\HP-LaserJet 1018) (Version: - )
    Lernout & Hauspie TruVoice American English TTS Engine (HKLM\...\tv_enua) (Version: - )
    LightScribe 1.4.142.1 (HKLM\...\{CE386A4E-D0DA-4208-8235-BCE43275C694}) (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
    Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version: - )
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Mozilla Firefox 52.9.0 ESR (x86 en-US) (HKLM\...\Mozilla Firefox 52.9.0 ESR (x86 en-US)) (Version: 52.9.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.9.0 - Mozilla)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NirSoft SmartSniff (HKLM\...\NirSoft SmartSniff) (Version: - )
    Norton 360 (HKLM\...\NGC) (Version: 22.15.2.22 - Symantec Corporation)
    OGA Notifier 2.0.0048.0 (HKLM\...\{B2544A03-10D0-4E5E-BA69-0362FFC20D18}) (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
    OpenOffice.org Installer 1.0 (HKLM\...\{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}) (Version: 1.0.9221 - Sun Microsystems)
    Philips Songbird (HKLM\...\Philips Songbird) (Version: 3.2.1667 (1667) - Koninklijke Philips Electronics N.V.)
    PSSWCORE (HKLM\...\{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}) (Version: 2.00.5000 - Hewlett-Packard) Hidden
    Python 2.4.3 (HKLM\...\{75E71ADD-042C-4F30-BFAC-A9EC42351313}) (Version: 2.4.3150 - Martin v. Löwis)
    QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
    RealPlayer (HKLM\...\RealPlayer 6.0) (Version: - RealNetworks)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.4.0 - Roxio)
    Roxio Creator Basic v9 (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.4.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.4.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.4.0 - Roxio)
    Roxio Creator EasyArchive (HKLM\...\{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}) (Version: 3.4.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.4.0 - Roxio)
    Roxio Express Labeler 3 (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
    Roxio MyDVD Basic v9 (HKLM\...\{938B1CD7-7C60-491E-AA90-1F1888168240}) (Version: 9.0.559 - Roxio)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 10.0 - HP)
    Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
    Stellarium 0.16.0 (HKLM\...\Stellarium_is1) (Version: 0.16.0 - Stellarium team)
    Symantec Technical Support Web Controls (HKLM\...\{DDC63227-BA06-4855-B002-BDB49E9F677E}) (Version: 3.4.0 - Symantec Corporation)
    TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
    Ulead Photo Explorer 8.0 SE Basic (HKLM\...\{D271DAE0-8D68-4C97-8356-A126D48A1D8C}) (Version: 8.0 - Ulead Systems, Inc.)
    Ulead Photo Express 5 SE (HKLM\...\{31383A1D-FAE6-435A-9DBD-FDB61C7C8EC9}) (Version: 5.0 - Ulead Systems)
    Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    USB Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.15.50 - Conexant)
    V5385 Digital Camera Driver (HKLM\...\V5385 Digital Camera Driver) (Version: - )
    VC80CRTRedist - 8.0.50727.6195 (HKLM\...\{933B4015-4618-4716-A828-5289FC03165F}) (Version: 1.2.0 - DivX, Inc) Hidden
    Virtual Moon Atlas (HKLM\...\Virtual Moon Atlas) (Version: - )
    VLC media player (HKLM\...\VLC media player) (Version: 3.0.6 - VideoLAN)
    VSO Downloader 5.0.1.56 (HKLM\...\{3C5CD638-CAD0-4F6C-81FD-B37D47B411F7}_is1) (Version: 5.0.1.56 - VSO Software)
    VSO EVE Network Driver version 1.0.0.28 (HKLM\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.28 - VSO Software)
    Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
    WinPcap 4.1.3 (HKLM\...\WinPcapInst) (Version: 4.1.0.2980 - CACE Technologies)
    Xvid 1.1.3 final uninstall (HKLM\...\Xvid_is1) (Version: 1.1 - Xvid team (Koepi))

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> C:\Windows\system32\OLE32.DLL (Microsoft Windows -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{026371C0-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{030B4A80-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{030B4A81-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{030B4A82-1B7C-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{1E216240-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{1F6F8D20-1B7D-11CF-9D53-00AA003C9CB6}\InprocServer32 -> C:\Windows\system32\comct232.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation -> Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation -> Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\Windows\system32\comct332.ocx (Microsoft Corporation -> Microsoft Corporation )
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{48E59293-9880-11CF-9754-00AA00C00908}\InprocServer32 -> C:\Windows\system32\msinet.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\WINDOWS\System32\COMCTL32.OCX (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> C:\Windows\system32\MSVBVM60.DLL (Microsoft Windows -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation -> Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Windows -> Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers1: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
    ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams.dll [2013-10-31] (Apple Inc. -> Apple Inc.)
    ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => -> No File
    ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
    ContextMenuHandlers1: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton 360\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers2: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
    ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => -> No File
    ContextMenuHandlers2: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton 360\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2008-06-18] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
    ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton 360\Engine\22.15.2.22\buShell.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)
    ContextMenuHandlers6: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Program Files\Glary Utilities 5\ContextHandler.dll [2019-01-23] (Glarysoft LTD -> Glarysoft Ltd)
    ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
    ContextMenuHandlers6: [Symantec.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton 360\Engine\22.15.2.22\NavShExt.dll [2019-03-27] (Symantec Corporation -> Symantec Corporation)

    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2010-05-27 16:52 - 2010-05-27 16:52 - 000375296 _____ () [File not signed] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    2007-06-06 20:23 - 2006-09-28 14:42 - 000065536 _____ (Hewlett-Packard Company) [File not signed] C:\hp\support\hpsysdrv.exe
    2007-09-22 11:51 - 2006-01-30 17:00 - 000098304 ____R (Hewlett-Packard) [File not signed] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    2007-06-06 20:24 - 2007-02-15 11:59 - 000118784 _____ (OsdMaestro) [File not signed] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    2007-09-22 10:18 - 2007-05-18 09:00 - 000057344 _____ (Zenographics, Inc.) [File not signed] C:\Windows\system32\spool\PRTPROCS\W32X86\ZIMFPrnt.DLL
    2007-05-18 09:00 - 2007-05-18 09:00 - 000061440 _____ (Zenographics, Inc.) [File not signed] C:\Windows\System32\ZIMF.dll
    2007-05-18 09:00 - 2007-05-18 09:00 - 000102400 _____ (Zenographics, Inc.) [File not signed] C:\Windows\System32\ZLhp1018.DLL
    2007-05-18 09:00 - 2007-05-18 09:00 - 000106496 _____ (Zenographics, Inc.) [File not signed] C:\Windows\System32\ZSPOOL.dll
    2007-05-18 09:00 - 2007-05-18 09:00 - 000053248 _____ (Zenographics, Inc.) [File not signed] C:\Windows\System32\ZTAG.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:1CD23587 [224]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 11:23 - 2016-07-04 15:55 - 000000738 ____N C:\Windows\system32\drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\Common Files\DivX Shared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\G Alexander\Pictures\Wallpapers\4241797-desert.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
    Windows Firewall is disabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    If an entry is included in the fixlist, it will be removed.


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe (Microsoft Windows -> Microsoft Corporation)
    FirewallRules: [TCP Query User{3AF5A808-FE77-4E5A-9F43-660A8D106C25}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe No File
    FirewallRules: [UDP Query User{E52E81F7-D069-4AC7-B1AC-29A060DDF2BB}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe No File
    FirewallRules: [{D7CCB283-1371-493D-B820-F4DAE4548B21}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
    FirewallRules: [{2E8F7809-C543-41D3-B0BE-3B1A911AC3A6}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
    FirewallRules: [{949ACCC7-7F85-4469-A54C-5323C4F3ABCB}] => (Allow) LPort=80
    FirewallRules: [{0C8C4D45-A451-4143-86F3-09D67535F10B}] => (Allow) LPort=80
    FirewallRules: [{72839E8E-996A-4462-899B-26D9C31F3607}] => (Allow) LPort=80
    FirewallRules: [{1F53DE0B-7666-455F-9284-4C7401FE06D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{4DF79B94-1A47-4862-923E-DB3985A70B54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{90727E9E-F82D-4071-8D9D-C77C670936E3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [{78F90010-76CD-4D01-B43E-67B8A5A70C1A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe No File
    FirewallRules: [{0D6DD88B-EAEE-4D3A-B4D2-48053C04CBC6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe No File
    FirewallRules: [{652C2B18-8CCD-4F87-91E7-02A5713A9E76}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe No File
    FirewallRules: [{7C5E791B-46A0-4C3D-8DAB-430E715B374B}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe No File
    FirewallRules: [{32390C3B-A318-4B13-B8FF-AF43FEC27DB1}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe No File
    FirewallRules: [{D6F96DAC-3D20-48F3-83F2-8F2F1B35CC3E}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe No File
    FirewallRules: [{0A145413-DB06-4F88-9D35-AC49F3FD086A}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
    FirewallRules: [{B2643494-79A3-4DBD-BDDC-281C30C9724F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{14911D9D-1333-48C6-9F6E-1871767FF3CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
    FirewallRules: [{48AB32FA-824D-4E25-8CA1-CD7278B6F66F}] => (Allow) C:\Users\G Alexander\AppData\Local\Temp\nst571.tmpMoboInstall\mobogenieP2sp.exe No File
    FirewallRules: [{4C081EE2-0468-48D9-9D67-943D933DD794}] => (Allow) C:\Users\G Alexander\AppData\Local\Temp\nst571.tmpMoboInstall\mobogenieP2sp.exe No File
    FirewallRules: [{D337AB48-2276-44DE-B7A4-0A9A166A2A9F}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)
    FirewallRules: [{79A79359-5467-4971-99C5-A138D3DB2A4D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform Software Ltd)

    ==================== Restore Points =========================

    27-05-2019 10:47:08 Scheduled Checkpoint
    08-06-2019 11:01:30 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: USB CF Reader
    Description: USB CF Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: USB MS Reader
    Description: USB MS Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: USB SD Reader
    Description: USB SD Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

    Name: USB SM Reader
    Description: USB SM Reader
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: Generic
    Service: WUDFRd
    Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
    Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/19/2019 03:23:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 3401

    Error: (06/19/2019 03:23:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 3401

    Error: (06/19/2019 03:23:17 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/19/2019 03:23:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 2184

    Error: (06/19/2019 03:23:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 2184

    Error: (06/19/2019 03:23:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (06/19/2019 03:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1139

    Error: (06/19/2019 03:23:15 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1139


    System errors:
    =============
    Error: (06/19/2019 11:20:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (06/18/2019 09:39:30 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (06/15/2019 11:30:34 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (06/13/2019 11:50:12 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (06/10/2019 09:06:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Norton Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (06/09/2019 11:00:20 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (06/04/2019 09:24:17 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

    Error: (06/04/2019 08:12:47 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.


    CodeIntegrity:
    ===================================

    Date: 2019-06-19 20:19:53.712
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 20:19:51.909
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 20:19:49.978
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 20:19:48.044
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\SYMEVENT.SYS because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 20:18:40.268
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190618.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 20:18:38.350
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190618.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 20:18:36.435
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190618.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    Date: 2019-06-19 20:18:34.456
    Description:
    Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20190618.001\BHDrvx86.sys because the set of per-page image hashes could not be found on the system.

    ==================== Memory info ===========================

    BIOS: American Megatrends Inc. v5.05 05/29/2007
    Motherboard: Foxconn Lucknow
    Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz
    Percentage of memory in use: 91%
    Total physical RAM: 2038.63 MB
    Available physical RAM: 166.21 MB
    Total Virtual: 4320.54 MB
    Available Virtual: 1180.46 MB

    ==================== Drives ================================

    Drive c: (COMPAQ) (Fixed) (Total:141.4 GB) (Free:20.8 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (Recovery) (Fixed) (Total:7.65 GB) (Free:0.97 GB) NTFS ==>[system with boot components (obtained from drive)]


    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 149.1 GB) (Disk ID: 1549F232)
    Partition 1: (Active) - (Size=141.4 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=7.6 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  7. iMacg3

    iMacg3 Malware Specialist

    Hi,

    Windows Vista is no longer supported by Microsoft - it will no longer receive regular updates, and is becoming more out-of-date. Many programs no longer support Vista. My suggestion would be to upgrade to at least Windows 7 (which is supported by Microsoft).
    However, we can continue with the cleanup. Let me know what you decide.
     
  8. James321

    James321 Thread Starter

    Yes, let's proceed with the cleanup. Thanks.
     
  9. iMacg3

    iMacg3 Malware Specialist

    Hi,

    Which files are taking up the most space according to WinDirStat?

    ---------------------------------------------------

    Did you set a proxy in Firefox?

    ---------------------------------------------------

    Did you intentionally install the Firefox extension Flash Video Downloader?

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix
    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      CreateRestorePoint:
      EmptyTemp:
      CloseProcesses:
      BootExecute: autocheck autochk *
      CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
      Task: {036D8FCA-9504-4FC6-8E2B-C9BCC87A45F3} - System32\Tasks\{7C3FB5FD-4DF7-42AE-B958-D1C774043252} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAA3MRYY\setup[1].exe" -d "C:\Users\G Alexander\Desktop"
      Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK -> No File <==== ATTENTION
      Task: {1FB8D179-9CB8-426F-A09B-2C0317C58C3E} - System32\Tasks\{CA631791-60F9-4940-90AF-0B55608DE95F} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\Downloads\i2pinstall_0.9.28_windows(1).exe" -d "C:\Users\G Alexander\Downloads"
      Task: {6607BFF6-6501-410C-A7B3-AA017A2DD669} - System32\Tasks\{EBA6B74F-9D6A-43AF-8883-DDCEF437A9DB} => C:\Windows\system32\pcalua.exe -a E:\Setup.Now.exe -d E:\
      Task: {8B657E3B-1A8B-4CF3-9E27-F2D490D62EA5} - System32\Tasks\{D23F5DAA-7393-4AB4-867C-31A7F4D688BB} => C:\Windows\system32\pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Users\G Alexander\Downloads\irunin.ini" <==== ATTENTION
      Task: {A53F798E-B694-4B93-9FF0-99AF8EEBA4F6} - \SUPERAntiSpyware Scheduled Task 8c8481dd-6ad2-4e5c-bceb-4ebcc78b1a3b -> No File <==== ATTENTION
      Task: {A63A4518-BDD8-41EC-89E0-B6AE52DB35B5} - System32\Tasks\{E2D357DF-6ECD-4191-ACAC-6AD6C6098591} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAA3MRYY\setup[2].exe" -d "C:\Users\G Alexander\Desktop"
      SearchScopes: HKLM -> DefaultScope value is missing
      SearchScopes: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=GB&ver=22.15.2.22&locale=en_GB&guid=AAF36E2B-58F6-11DF-BB8D-9833D262F732&doi=2016-09-01&gct=kwd&qsrc=2869
      BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
      BHO: No Name -> {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} -> No File
      Toolbar: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
      FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
      FF Plugin HKU\S-1-5-21-4238356135-1069967474-2706294926-1000: @tools.google.com/Google Update;version=3 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [No File]
      CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360\Engine\22.15.2.22\Exts\Chrome.crx <not found>
      S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]
      S3 avchv; system32\DRIVERS\avchv.sys [X]
      S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
      S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
      S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
      S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
      S3 STV680; system32\drivers\STV680.sys [X]
      S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
      S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
      \{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
      CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
      ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => -> No File
      ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
      ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => -> No File
      ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
      AlternateDataStreams: C:\ProgramData\TEMP:1CD23587 [224]
      FirewallRules: [TCP Query User{3AF5A808-FE77-4E5A-9F43-660A8D106C25}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe No File
      FirewallRules: [UDP Query User{E52E81F7-D069-4AC7-B1AC-29A060DDF2BB}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe No File
      FirewallRules: [{D7CCB283-1371-493D-B820-F4DAE4548B21}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
      FirewallRules: [{2E8F7809-C543-41D3-B0BE-3B1A911AC3A6}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
      FirewallRules: [{78F90010-76CD-4D01-B43E-67B8A5A70C1A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe No File
      FirewallRules: [{0D6DD88B-EAEE-4D3A-B4D2-48053C04CBC6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe No File
      FirewallRules: [{652C2B18-8CCD-4F87-91E7-02A5713A9E76}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe No File
      FirewallRules: [{7C5E791B-46A0-4C3D-8DAB-430E715B374B}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe No File
      FirewallRules: [{32390C3B-A318-4B13-B8FF-AF43FEC27DB1}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe No File
      FirewallRules: [{D6F96DAC-3D20-48F3-83F2-8F2F1B35CC3E}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe No File
      virustotal: C:\Windows\system32\DRIVERS\ACFXAU32.exe;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe;C:\Windows\System32\drivers\npf.sys;C:\Users\G Alexander\AppData\Roaming\wklnhst.dat
      CMD: Bitsadmin /Reset /Allusers
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete, FRST will generate a log (Fixlog.txt) in the same location it was run from.
    • Please copy and paste its contents into your reply.
     
  10. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    The folders taking up the most space on WinDirStat are Norton 360 Backup followed by folders containing video and images, etc.

    My Firefox browser should not have a proxy server.

    The Flash Video Downloader was downloaded intentionally but is no longer functional since Firefox changed its certificates.

    I noticed in the instructions that Ctrl + C to copy is used but there is no mention of Ctrl + V to paste. Would this have made any difference?

    But here is the log anyway:

    Fix result of Farbar Recovery Scan Tool (x86) Version: 19-06-2019
    Ran by G Alexander (21-06-2019 11:35:22) Run:1
    Running from C:\Users\G Alexander\Downloads
    Loaded Profiles: G Alexander (Available Profiles: G Alexander)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    BootExecute: autocheck autochk *
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
    Task: {036D8FCA-9504-4FC6-8E2B-C9BCC87A45F3} - System32\Tasks\{7C3FB5FD-4DF7-42AE-B958-D1C774043252} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAA3MRYY\setup[1].exe" -d "C:\Users\G Alexander\Desktop"
    Task: {17409CE8-43BB-4CCB-A113-31E4DB21BA8B} - \IHUninstallTrackingTASK -> No File <==== ATTENTION
    Task: {1FB8D179-9CB8-426F-A09B-2C0317C58C3E} - System32\Tasks\{CA631791-60F9-4940-90AF-0B55608DE95F} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\Downloads\i2pinstall_0.9.28_windows(1).exe" -d "C:\Users\G Alexander\Downloads"
    Task: {6607BFF6-6501-410C-A7B3-AA017A2DD669} - System32\Tasks\{EBA6B74F-9D6A-43AF-8883-DDCEF437A9DB} => C:\Windows\system32\pcalua.exe -a E:\Setup.Now.exe -d E:\
    Task: {8B657E3B-1A8B-4CF3-9E27-F2D490D62EA5} - System32\Tasks\{D23F5DAA-7393-4AB4-867C-31A7F4D688BB} => C:\Windows\system32\pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Users\G Alexander\Downloads\irunin.ini" <==== ATTENTION
    Task: {A53F798E-B694-4B93-9FF0-99AF8EEBA4F6} - \SUPERAntiSpyware Scheduled Task 8c8481dd-6ad2-4e5c-bceb-4ebcc78b1a3b -> No File <==== ATTENTION
    Task: {A63A4518-BDD8-41EC-89E0-B6AE52DB35B5} - System32\Tasks\{E2D357DF-6ECD-4191-ACAC-6AD6C6098591} => C:\Windows\system32\pcalua.exe -a "C:\Users\G Alexander\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YAA3MRYY\setup[2].exe" -d "C:\Users\G Alexander\Desktop"
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NGC&chn=1000&geo=GB&ver=22.15.2.22&locale=en_GB&guid=AAF36E2B-58F6-11DF-BB8D-9833D262F732&doi=2016-09-01&gct=kwd&qsrc=2869
    BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
    BHO: No Name -> {97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} -> No File
    Toolbar: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll [No File]
    FF Plugin HKU\S-1-5-21-4238356135-1069967474-2706294926-1000: @tools.google.com/Google Update;version=3 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll [No File]
    CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton 360\Engine\22.15.2.22\Exts\Chrome.crx <not found>
    S3 McComponentHostService; "C:\Program Files\McAfee Security Scan\3.11.266\McCHSvc.exe" [X]
    S3 avchv; system32\DRIVERS\avchv.sys [X]
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S4 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S4 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S4 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S3 STV680; system32\drivers\STV680.sys [X]
    S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
    S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\GoogleUpdate.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
    \{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770}\InprocServer32 -> no filepath
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\GoogleUpdateOnDemand.exe" => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
    CustomCLSID: HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
    ContextMenuHandlers1: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => -> No File
    ContextMenuHandlers1: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
    ContextMenuHandlers2: [ReflectShellExt] -> {DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => -> No File
    ContextMenuHandlers6: [SmartDefragExtension] -> {189F1E63-33A7-404B-B2F6-8C76A452CC54} => C:\Windows\System32\IObitSmartDefragExtension.dll -> No File
    AlternateDataStreams: C:\ProgramData\TEMP:1CD23587 [224]
    FirewallRules: [TCP Query User{3AF5A808-FE77-4E5A-9F43-660A8D106C25}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe No File
    FirewallRules: [UDP Query User{E52E81F7-D069-4AC7-B1AC-29A060DDF2BB}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe No File
    FirewallRules: [{D7CCB283-1371-493D-B820-F4DAE4548B21}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
    FirewallRules: [{2E8F7809-C543-41D3-B0BE-3B1A911AC3A6}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
    FirewallRules: [{78F90010-76CD-4D01-B43E-67B8A5A70C1A}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe No File
    FirewallRules: [{0D6DD88B-EAEE-4D3A-B4D2-48053C04CBC6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe No File
    FirewallRules: [{652C2B18-8CCD-4F87-91E7-02A5713A9E76}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe No File
    FirewallRules: [{7C5E791B-46A0-4C3D-8DAB-430E715B374B}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe No File
    FirewallRules: [{32390C3B-A318-4B13-B8FF-AF43FEC27DB1}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe No File
    FirewallRules: [{D6F96DAC-3D20-48F3-83F2-8F2F1B35CC3E}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe No File
    virustotal: C:\Windows\system32\DRIVERS\ACFXAU32.exe;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe;C:\Windows\System32\drivers\npf.sys;C:\Users\G Alexander\AppData\Roaming\wklnhst.dat
    CMD: Bitsadmin /Reset /Allusers

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
    HKLM\SOFTWARE\Policies\Google => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{036D8FCA-9504-4FC6-8E2B-C9BCC87A45F3}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{036D8FCA-9504-4FC6-8E2B-C9BCC87A45F3}" => removed successfully.
    C:\Windows\System32\Tasks\{7C3FB5FD-4DF7-42AE-B958-D1C774043252} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7C3FB5FD-4DF7-42AE-B958-D1C774043252}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17409CE8-43BB-4CCB-A113-31E4DB21BA8B}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17409CE8-43BB-4CCB-A113-31E4DB21BA8B}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IHUninstallTrackingTASK" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FB8D179-9CB8-426F-A09B-2C0317C58C3E}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FB8D179-9CB8-426F-A09B-2C0317C58C3E}" => removed successfully.
    C:\Windows\System32\Tasks\{CA631791-60F9-4940-90AF-0B55608DE95F} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CA631791-60F9-4940-90AF-0B55608DE95F}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6607BFF6-6501-410C-A7B3-AA017A2DD669}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6607BFF6-6501-410C-A7B3-AA017A2DD669}" => removed successfully.
    C:\Windows\System32\Tasks\{EBA6B74F-9D6A-43AF-8883-DDCEF437A9DB} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{EBA6B74F-9D6A-43AF-8883-DDCEF437A9DB}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B657E3B-1A8B-4CF3-9E27-F2D490D62EA5}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B657E3B-1A8B-4CF3-9E27-F2D490D62EA5}" => removed successfully.
    C:\Windows\System32\Tasks\{D23F5DAA-7393-4AB4-867C-31A7F4D688BB} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D23F5DAA-7393-4AB4-867C-31A7F4D688BB}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A53F798E-B694-4B93-9FF0-99AF8EEBA4F6}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A53F798E-B694-4B93-9FF0-99AF8EEBA4F6}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SUPERAntiSpyware Scheduled Task 8c8481dd-6ad2-4e5c-bceb-4ebcc78b1a3b" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A63A4518-BDD8-41EC-89E0-B6AE52DB35B5}" => removed successfully.
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A63A4518-BDD8-41EC-89E0-B6AE52DB35B5}" => removed successfully.
    C:\Windows\System32\Tasks\{E2D357DF-6ECD-4191-ACAC-6AD6C6098591} => moved successfully
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E2D357DF-6ECD-4191-ACAC-6AD6C6098591}" => removed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => removed successfully.
    HKLM\Software\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => not found
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully.
    HKLM\Software\Classes\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C} => removed successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} => removed successfully.
    HKLM\Software\Classes\CLSID\{97F4988F-6D68-4abc-9F18-7B5AAFFDACE4} => not found
    "HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => removed successfully.
    HKLM\Software\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => not found
    HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0 => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully.
    "C:\Users\G Alexander\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll" => not found
    HKLM\SOFTWARE\Google\Chrome\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe => removed successfully.
    HKLM\System\CurrentControlSet\Services\McComponentHostService => removed successfully.
    McComponentHostService => service removed successfully.
    HKLM\System\CurrentControlSet\Services\avchv => removed successfully.
    avchv => service removed successfully.
    HKLM\System\CurrentControlSet\Services\blbdrive => removed successfully.
    blbdrive => service removed successfully.
    HKLM\System\CurrentControlSet\Services\IpInIp => removed successfully.
    IpInIp => service removed successfully.
    HKLM\System\CurrentControlSet\Services\NwlnkFlt => removed successfully.
    NwlnkFlt => service removed successfully.
    HKLM\System\CurrentControlSet\Services\NwlnkFwd => removed successfully.
    NwlnkFwd => service removed successfully.
    HKLM\System\CurrentControlSet\Services\STV680 => removed successfully.
    STV680 => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ZAM => removed successfully.
    ZAM => service removed successfully.
    HKLM\System\CurrentControlSet\Services\ZAM_Guard => removed successfully.
    ZAM_Guard => service removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{4DF0C730-DF9D-4AE3-9153-AA6B82E9795A} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => removed successfully.
    \{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\G Alexander\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File => Error: No automatic fix found for this entry.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB3-524F-11CE-9F53-0020AF0BA770} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E436EBB8-524F-11CE-9F53-0020AF0BA770} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => removed successfully.
    HKU\S-1-5-21-4238356135-1069967474-2706294926-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => removed successfully.
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ReflectShellExt => removed successfully.
    HKLM\Software\Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => not found
    HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SmartDefragExtension => removed successfully.
    HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => removed successfully.
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\ReflectShellExt => removed successfully.
    HKLM\Software\Classes\CLSID\{DEBB9B79-B3DD-47F4-9E5C-EA6975BAB611} => not found
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\SmartDefragExtension => removed successfully.
    HKLM\Software\Classes\CLSID\{189F1E63-33A7-404B-B2F6-8C76A452CC54} => not found
    C:\ProgramData\TEMP => ":1CD23587" ADS removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{3AF5A808-FE77-4E5A-9F43-660A8D106C25}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E52E81F7-D069-4AC7-B1AC-29A060DDF2BB}C:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D7CCB283-1371-493D-B820-F4DAE4548B21}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E8F7809-C543-41D3-B0BE-3B1A911AC3A6}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78F90010-76CD-4D01-B43E-67B8A5A70C1A}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D6DD88B-EAEE-4D3A-B4D2-48053C04CBC6}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{652C2B18-8CCD-4F87-91E7-02A5713A9E76}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C5E791B-46A0-4C3D-8DAB-430E715B374B}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{32390C3B-A318-4B13-B8FF-AF43FEC27DB1}" => removed successfully.
    "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D6F96DAC-3D20-48F3-83F2-8F2F1B35CC3E}" => removed successfully.
    VirusTotal: C:\Windows\system32\DRIVERS\ACFXAU32.exe => (3) Error
    VirusTotal: C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe => (3) Error
    VirusTotal: C:\Windows\System32\drivers\npf.sys => (3) Error
    VirusTotal: C:\Users\G Alexander\AppData\Roaming\wklnhst.dat => (3) Error

    ========= Bitsadmin /Reset /Allusers =========


    BITSADMIN version 3.0 [ 7.0.6001 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 8388608 B
    DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 715336844 B
    Java, Flash, Steam htmlcache => 1154 B
    Windows/system/drivers => 4530 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 43890451 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 66228 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 197898 B
    LocalService => 33058 B
    NetworkService => 33058 B
    G Alexander => 349410 B

    RecycleBin => 0 B
    EmptyTemp: => 732.7 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 11:38:17 ====
     
  11. iMacg3

    iMacg3 Malware Specialist

    Joined:
    Nov 3, 2018
    Messages:
    618
    Hi,

    We'll remove the Proxy and Flash Video Downloader extension:

    ---------------------------------------------------
    Farbar Recovery Scan Tool - Fix

    • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
      Code:
      Start::
      Createrestorepoint:
      FF NetworkProxy: Philips-Songbird\Profiles\ojjsllfg.default -> no_proxies_on", "127.0.0.1;localhost"
      FF NetworkProxy: Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775 -> autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us0-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS dyn-51-89-139-89-30a-1f1e29.fourqt.com:663';}"
      FF Extension: (Hoxx VPN Proxy) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\@hoxx-vpn.xpi [2018-08-07] [Legacy]
      FF Extension: (Flash Video Downloader) - C:\Users\G Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\3n1i3k8c.default-1481992509775\Extensions\[email protected] [2019-03-19]
      Reboot:
      End::
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
    • Double-click FRST.exe/FRST64.exe to run it.
    • Press the Fix button just once and wait.
    • Restart the computer if prompted.
    • When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
    • Please copy and paste its contents into your reply.

    ---------------------------------------------------
    AdwCleaner

    Download AdwCleaner and save it to your desktop.
    • Right-click on AdwCleaner.exe and select Run as Administrator
    • Accept the EULA (I accept), then click on Scan.
    • Let the scan complete. If no objects are detected, close the AdwCleaner window.
    • If any objects are detected, uncheck any items you want to keep.
    • Click on the Clean and Repair button.
    • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
    • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.
    Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

    Let me know how the computer is doing and if there are any outstanding issues.
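
The `FF NetworkProxy` line in the fix above shows a Firefox profile whose proxy auto-config (PAC) script is stored inline as a `data:` URI and sends everything except a short list of hosts to one HTTPS proxy. The following is an added example, not part of the post or of FRST: a static check over a profile's `prefs.js` that reports those routes without executing the script. It assumes the usual `user_pref("name", value);` layout and that `network.proxy.type` 2 means "use the autoconfig URL"; the function names are hypothetical.

```python
import json
import re
from urllib.parse import unquote

PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
RETURN_RE = re.compile(r"""return\s+(['"])(.*?)\1""")

# Constructed prefs.js excerpt; the PAC body is shortened from the FRST line above.
SAMPLE_PREFS = r'''
user_pref("network.proxy.type", 2);
user_pref("network.proxy.no_proxies_on", "127.0.0.1;localhost");
user_pref("network.proxy.autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nreturn 'HTTPS dyn-51-89-139-89-30a-1f1e29.fourqt.com:663';}");
'''

def read_prefs(text):
    """Return {name: value} for each user_pref() line (values JSON-decoded)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            try:
                prefs[m.group(1)] = json.loads(m.group(2))
            except ValueError:
                prefs[m.group(1)] = m.group(2)  # keep raw text if not JSON
    return prefs

def audit_proxy(text):
    """Summarise where an inline PAC sends traffic, without executing it."""
    prefs = read_prefs(text)
    url = str(prefs.get("network.proxy.autoconfig_url", ""))
    report = {"pac_active": prefs.get("network.proxy.type") == 2,
              "inline_pac": url.lower().startswith("data:"),
              "direct_rules": 0, "proxies": [], "catch_all": None}
    if not report["inline_pac"] or "," not in url:
        return report
    body = unquote(url.split(",", 1)[1])  # plain-text data: URI only, not base64
    for _quote, value in RETURN_RE.findall(body):
        # A PAC return value is a ';'-separated fallback chain, e.g. "PROXY a:1; DIRECT".
        hops = [h.split() for h in value.split(";") if h.strip()]
        if hops and all(h[0].upper() == "DIRECT" for h in hops):
            report["direct_rules"] += 1
        for h in hops:
            hop = (h[0].upper(), h[1]) if len(h) > 1 else None
            if hop and hop not in report["proxies"]:
                report["proxies"].append(hop)
        report["catch_all"] = value  # textually last return: default of an if-chain PAC
    return report

if __name__ == "__main__":
    print(audit_proxy(SAMPLE_PREFS))
```

A `catch_all` that is not `DIRECT` means every host not matched by an earlier rule goes through the listed proxy, which is the behaviour the fix above removes along with the extension that set it.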
     
  12. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    Can I ask two questions first?

    Firstly, does it not matter that what is copied, i.e. Ctrl + C, is also not then pasted, Ctrl + V?

    Secondly, what are you intending to do with my VPN? The VPN is not on continually but can be switched on and off as required.
     
  13. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    I've been looking more critically at the previous FRST Fix and there are a number of features I'd like to query.

    Why do we need to modify my Firewall rules? I don't use BT Broadband anymore, I use TalkTalk.

    Also, a number of software programs are itemized that I don't actually use, i.e. Yahoo! Messenger, McAfee Anti-virus and Google (update). Ideally I would like all the remnants of these programs permanently removed from my system.
     
    Last edited: Jun 22, 2019
  14. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    I ran AdwCleaner and 5 threats were removed. Here's the log:

    # -------------------------------
    # Malwarebytes AdwCleaner 7.3.0.0
    # -------------------------------
    # Build: 04-04-2019
    # Database: 2019-06-18.1 (Cloud)
    # Support: https://www.malwarebytes.com/support
    #
    # -------------------------------
    # Mode: Scan
    # -------------------------------
    # Start: 06-22-2019
    # Duration: 00:00:38
    # OS: Windows Vista (TM) Home Premium
    # Scanned: 27551
    # Detected: 5


    ***** [ Services ] *****

    No malicious services found.

    ***** [ Folders ] *****

    PUP.Optional.AdvancedSystemCare C:\ProgramData\IObit\Advanced SystemCare
    PUP.Optional.AdvancedSystemCare C:\Users\G Alexander\AppData\Roaming\IObit\Advanced SystemCare
    PUP.Optional.Conduit C:\Windows\System32\config\systemprofile\AppData\Local\SEARCHPROTECT
    PUP.Optional.DriverBooster C:\Users\G Alexander\AppData\Roaming\IOBIT\Driver Booster
    PUP.Optional.SupportDotCom C:\Users\G Alexander\AppData\Roaming\supportdotcom

    ***** [ Files ] *****

    No malicious files found.

    ***** [ DLL ] *****

    No malicious DLLs found.

    ***** [ WMI ] *****

    No malicious WMI found.

    ***** [ Shortcuts ] *****

    No malicious shortcuts found.

    ***** [ Tasks ] *****

    No malicious tasks found.

    ***** [ Registry ] *****

    No malicious registry entries found.

    ***** [ Chromium (and derivatives) ] *****

    No malicious Chromium entries found.

    ***** [ Chromium URLs ] *****

    No malicious Chromium URLs found.

    ***** [ Firefox (and derivatives) ] *****

    No malicious Firefox entries found.

    ***** [ Firefox URLs ] *****

    No malicious Firefox URLs found.


    AdwCleaner[S00].txt - [6628 octets] - [02/02/2019 17:13:59]
    AdwCleaner[C00].txt - [5708 octets] - [02/02/2019 17:14:49]
    AdwCleaner[S01].txt - [1789 octets] - [02/02/2019 17:20:17]
    AdwCleaner[C01].txt - [1899 octets] - [02/02/2019 17:20:41]
    AdwCleaner[S02].txt - [1911 octets] - [02/02/2019 17:24:51]
    AdwCleaner[S03].txt - [1972 octets] - [07/03/2019 22:43:26]
    AdwCleaner[C03].txt - [1751 octets] - [07/03/2019 22:45:06]
    AdwCleaner[S04].txt - [2094 octets] - [17/03/2019 21:13:09]
    AdwCleaner[C04].txt - [1873 octets] - [17/03/2019 21:13:57]
    AdwCleaner[S05].txt - [2216 octets] - [17/03/2019 21:17:50]

    ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S06].txt ##########
     
  15. James321

    James321 Thread Starter

    Joined:
    Apr 10, 2013
    Messages:
    288
    Following your advice I tried to upgrade to Windows 7 but keep getting the message "Windows 7 Upgrade Advisor unable to reach Microsoft server."
     

Short URL to this thread: https://techguy.org/1228658
